The matteroTM API uses API keys to authenticate requests. These API keys can be managed by a matteroTM admin for your organisation from the global settings page. These API keys only successfully authenticate against the API and cannot be used for regular interactions with matteroTM.
The API Keys are reference Bearer tokens, as such, they need to be included in the Authorization header
in the format Bearer Bearer {API_KEY}.
All API requests should be made over the HTTPS protocol to ensure your Organisations data is secure. Any requests made using the HTTP protocol without TLS will result in a redirect to the same URL for the HTTPS protocol.
If you have a valid API Key, you will know that authentication and authorization were successful if the responses status code is not 401 or 403. If you receive either of these status codes please ensure that you are using a valid API key, you are attempting to call one of the listed API endpoints, and you are including the API key in the Authorization header as mentioned above.
You can test authentication with your API key using the following curl command:
curl -I -H "Authorization: Bearer {TOKEN}" -X GET https://my.mattero.com.au/public/api/v1/ping